Security Auditing detail


The Security auditing subsystem can be enabled and configured from this panel, by users assigned the auditor role.

To view this admin console page, click Security > Security Auditing. If Enable security auditing is not selected, then all of the other fields on this panel will be disabled.

Enable security auditing

The Enable security auditing check box allows users to enable or disable Security Auditing. By default, Security Auditing will not be enabled. This field corresponds with the auditEnabled field in the audit.xml file.

Audit subsystem failure action

The Audit subsystem failure action setting describes the behavior of the appserver in the event of a failure in the auditing subsystem. Audit Notifications must be configured in order for notifications of a failure in the audit subsystem to be logged. If security auditing is not enabled, then these actions will not be performed. Failures can include an error in the interface or in the event processing. By default, the audit subsystem failure action setting is set to No warning.

The Audit subsystem failure action dropdown menu has the following options:

  • No warning

    The No warning action specifies that the auditor will not be notified of a failure in the audit subsystem. WAS ND v7.0 will continue processing but audit reporting will be disabled.

  • Log warning

    The Log warning action specifies that the auditor will be notified of a failure in the audit subsystem. WAS ND v7.0 will continue processing but audit reporting will be disabled.

  • Terminate server

    The Terminate server action specifies the appserver to gracefully quiesce when an unrecoverable error occurs in the auditing subsystem. If e-mail notifications are configured, the auditor will be sent a notification that an error has occurred. If logging to the system log is configured, the notification of the failure will be logged to the system file.

Primary auditor user name

The Primary auditor user name dropdown menu defines a valid user which exists in the current user registry and for whom the auditor role has been given. By default, this field is blank and is a required field.

Enable verbose auditing

The Enable verbose auditing option determines the amount of audit data that is reported in an audit record. Verbose mode captures all the auditable data points, whereas not enabling verbose mode captures only a subset of the available data. This option is disabled by default.





 

Related tasks


Audit the security infrastructure

 

Related


Event type filters collection
Audit service provider collection
Audit event factory configuration collection
Audit encryption keystores and certificates collection
Audit record encryption settings
Audit record signing settings
Audit monitor collection